shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🚧 terraform

Browse Source
This commit is contained in:
auricom
2023-11-21 21:39:03 +01:00
parent 8c64aa1b86
commit 19491c9d8c
7 changed files with 35 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
View File

@@ -4,4 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./ocirepository.yaml - ./ocirepository.yaml
#- ./terraform.yaml - ./terraform.yaml

6
kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
View File

@@ -8,15 +8,11 @@ spec:
suspend: false suspend: false
approvePlan: auto approvePlan: auto
interval: 12h interval: 12h
path: ./storage/apps path: ./storage/minio
sourceRef: sourceRef:
kind: OCIRepository kind: OCIRepository
name: terraform name: terraform
namespace: flux-system namespace: flux-system
backendConfig:
disable: true
cliConfigSecretRef:
name: tf-controller-tfrc-secret
runnerPodTemplate: runnerPodTemplate:
spec: spec:
env: env:

13
shell.nix Normal file
View File

@@ -0,0 +1,13 @@
let
# Configure Nix to allow unfree packages.
config = {
allowUnfree = true;
};
pkgs = import <nixpkgs> {inherit config;};
in
pkgs.mkShell {
buildInputs = with pkgs; [
terraform
tflint
];
}

10
terraform/storage/minio/main.tf
View File

@@ -7,10 +7,6 @@ terraform {
} }
} }
required_providers { required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.23.0"
}
sops = { sops = {
source = "carlpett/sops" source = "carlpett/sops"
version = "1.0.0" version = "1.0.0"
@@ -19,10 +15,14 @@ terraform {
source = "hashicorp/time" source = "hashicorp/time"
version = "0.9.1" version = "0.9.1"
} }
minio = {
source = "aminueza/minio"
version = "~> 2.0" # Replace with your desired version constraint
}
} }
required_version = ">= 1.3.0" required_version = ">= 1.3.0"
} }
data "sops_file" "secrets" { data "sops_file" "secrets" {
source_file = "secrets.sops.yaml" source_file = "./secrets.sops.yaml"
} }

17
terraform/storage/minio/providers.tf
View File

@@ -1,12 +1,7 @@
provider "aws" { provider "minio" {
access_key = "your_access_key" minio_server = data.sops_file.secrets.data["minio_server"]
secret_key = "your_secret_key" minio_user = data.sops_file.secrets.data["minio_root_user"]
region = "us-east-1" minio_password = data.sops_file.secrets.data["minio_root_password"]
endpoints { minio_region = "us-east-1"
s3 = "base64decode(data.sops_file.secrets.data["minio_endpoint"])" minio_ssl = true
}
skip_credentials_validation = true
skip_metadata_api_check = true
skip_requesting_account_id = true
s3_force_path_style = true
} }

6
terraform/storage/minio/secrets.sops.yaml
View File

@@ -1,4 +1,4 @@
minio_endpoint: ENC[AES256_GCM,data:Lx05cjWbTqmXpGMVjJIuFS0blA7m9P0gJH0p+Z8OteM=,iv:SvcuQojEK4nMXY+80oSGSnovKtN221xgGtRHd0U5OaA=,tag:UrWetEvmP4qkBo5kMfzALg==,type:str] minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str] minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str] minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
sops: sops:
@@ -16,8 +16,8 @@ sops:
ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2 ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w== R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-16T01:41:33Z" lastmodified: "2023-11-21T21:49:39Z"
mac: ENC[AES256_GCM,data:PBr4A9D6grWs7HgMGloDnDOhhT4/v4PvyqFxhdfzsm38FfZomceh7PpfMbdEH/Fv6Jsv9Z8f7aWTCt4IiSCGENJyZSGIL14ABDw/ao44Q1wtsh2Axjm4KWPr1iWWtu/Cbdv22vdbK2hlM0sXkCfiPboWIkVpaFTQQ5EW7+stryw=,iv:2Vdp7i4EdL/LVo9BD3PVCn5lan/J0khVdOcIIv66ayE=,tag:X5LdJESAcdDRXOQNlYoP3A==,type:str] mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
pgp: [] pgp: []
unencrypted_regex: ^(kind)$ unencrypted_regex: ^(kind)$
version: 3.8.1 version: 3.8.1

13
terraform/storage/minio/svc_volsync.tf
View File

@@ -1,15 +1,14 @@
resource "aws_s3_bucket" "volsync" { resource "minio_s3_bucket" "volsync" {
bucket = "volsync" bucket = "volsync"
acl = "private" acl = "private"
} }
resource "aws_iam_user" "volsync_user" { resource "minio_iam_user" "volsync_user" {
name = "volsync" name = "volsync"
} }
resource "aws_iam_policy" "volsync_private" { resource "minio_iam_policy" "volsync_private" {
name = "volsync_private" name = "volsync_private"
description = "Policy for volsync user to access volsync bucket"
policy = jsonencode({ policy = jsonencode({
Version = "2012-10-17", Version = "2012-10-17",
@@ -31,7 +30,7 @@ resource "aws_iam_policy" "volsync_private" {
}) })
} }
resource "aws_iam_user_policy_attachment" "volsync_user_policy_attachment" { resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
user = aws_iam_user.volsync_user.name user_name = minio_iam_user.volsync_user.name
policy_arn = aws_iam_policy.volsync_private.arn policy_name = minio_iam_policy.volsync_private.name
} }